+set GW4 91.211.5.21
+set GW6 2a03:e2c0:2663:1::1
+
+set VPS4 45.10.110.72
+set VPS6 2a04:ac00:a:146::25
+
+set Y6 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
+
+set NS1 uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
+set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
+
+set NoSPF {"v=spf1 -all"}
+set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}
+
+proc zone {serial} {
+ global DOMAIN NS1 NS2
+puts "\$TTL 21600
+\$ORIGIN $DOMAIN.
+$DOMAIN. 21600 IN SOA $NS1 admin.$DOMAIN. (
+ $serial ; Serial
+ 12h ; Refresh
+ 2h ; Retry
+ 2w ; Expire
+ 6h ; TTL
+)
+@ NS $NS1
+@ NS $NS2
+_dmarc TXT \"v=DMARC1; p=none\""
+}
+
+proc fqdn {dn} {
+ global DOMAIN
+ switch -glob -- $dn {
+ @ { return $DOMAIN. }
+ *. { return $dn }
+ * { return $dn.$DOMAIN. }
+ }
+}
+
+proc shorten {dn} {
+ set dn [fqdn $dn]
+ global DOMAIN
+ if { $dn == "$DOMAIN." } { return @ }
+ return [join [lrange [split $dn .] 0 end-[expr [llength [split $DOMAIN .]] + 1]] .]
+}
+
+proc mx {dn} {
+ set dn [shorten $dn]
+ global ReSPF
+ puts "$dn MX 10 mailfake0.stargrave.org."
+ puts "$dn MX 20 mail2.stargrave.org."
+ puts "$dn MX 30 mailfake1.stargrave.org."
+ puts "$dn TXT $ReSPF"
+}
+
+proc dane {dn {port ""}} {
+ set dn [fqdn $dn]
+ if {$port == ""} { set port 443 }
+ set dirname [string trimright $dn .]
+ set was [pwd]
+ cd tls
+ foreach ca [lsort [glob ca/*/*]] {
+ set ca [join [lrange [split $ca /] 1 end] /]
+ if {![file exists [file join ee $ca $dirname]]} { continue }
+ puts "[shorten $dn] CAA 0 issue \"[lindex [split $ca /] end]\""
+ puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane ee/$ca/$dirname]"
+ }
+ cd $was
+}
+
+proc ssh {dn} {
+ set dn [fqdn $dn]
+ set fn ssh/[string trimright $dn .]
+ if {![file exists $fn]} { return }
+ set fd [open "| ssh-keygen -f $fn -r $dn"]
+ while {[gets $fd line] >= 0} {
+ if {[string first "SSHFP 4 2" $line] == -1} { continue }
+ puts "[shorten $dn] [lrange [split $line " "] 2 end]"
+ }
+ close $fd
+}
+
+proc subdomain {dn addrs {flags {}}} {
+ global Y6 NoSPF
+ set short [shorten $dn]
+ foreach addr $addrs {
+ if {[string first : $addr] == -1} { set atyp A } { set atyp AAAA }
+ puts "$short $atyp $addr"
+ }
+ dane $dn [lindex [split [lindex $flags [lsearch $flags dane:*]] :] end]
+ ssh $dn
+ if {[lsearch $flags nospf] == -1} { puts "$short TXT $NoSPF" }
+ if {[lsearch $flags y] != -1} {
+ set short [shorten y.[fqdn $dn]]
+ puts "$short AAAA $Y6"
+ puts "$short TXT $NoSPF"
+ ssh $short
+ }
+}
+
+proc pgp {keyid {uid ""}} {
+ if {$uid == ""} { set uid $keyid }
+ set fd [open "| gpg --export-options export-dane --export $keyid"]
+ while {[gets $fd line] >= 0} {
+ if {[string first $uid $line] != -1} { break }
+ }
+ puts $line
+ set line [split [gets $fd]]
+ set line [lreplace $line 0 0 "[lindex $line 0]._openpgpkey"]
+ puts [join $line]
+ while {[gets $fd line] >= 0} {
+ if {$line == ""} { break }
+ puts $line
+ }
+ catch {close $fd}
+}
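Review bot: In `pgp`, when no line of the gpg output contains `$uid` (wrong key id, empty export, gpg failing), the first loop runs to EOF and the proc still writes an empty line into the zone, and depending on the Tcl version either a bare `._openpgpkey` line or an `lreplace` error follows. Adding `if {[string first $uid $line] == -1} { catch {close $fd}; error "pgp: $uid not found in export of $keyid" }` right after that loop would fail the zone build instead of publishing a broken OPENPGPKEY record. The final `catch {close $fd}` also discards gpg's exit status; it is presumably there because the early `break` leaves output unread, but it means a failed export is never reported. Separately, the pipes here and in `ssh` are built by string interpolation, so whitespace in `$keyid` or `$fn` would be split into extra arguments; `open |[list ssh-keygen -f $fn -r $dn]` keeps each value as a single argument.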